A representative for the Department of Justice said on Wednesday that a San Francisco jury had found Joseph Sullivan, the former chief security officer of Uber Technologies Inc (UBER.N), guilty of criminal obstruction for failing to alert the authorities about a cybersecurity breach in 2016.
Sullivan, who lost his job at Uber in 2017, was convicted on two counts: obstructing the course of justice and willful concealment of a felony.
According to Stephanie Hinds, U.S. Attorney for the Northern District of California, “Sullivan actively worked to conceal the data breach from the Federal Trade Commission (FTC) and took steps to prevent the hackers from being apprehended.”
The complaint involves a system breach at Uber that exposed the data of 57 million users, including drivers and passengers. For a year, the firm kept the incident quiet.
As part of a deal with US prosecutors in July to avoid criminal prosecution, Uber admitted responsibility for hiding the breach and consented to assist in Sullivan’s prosecution for allegedly helping to hide the hacking.
Reuters’ requests for response from Sullivan’s attorney David Angeli and the FTC were not immediately fulfilled.
Sullivan was first charged in September of 2020. At the time, according to the prosecution, he arranged for the hackers to get $100,000 in bitcoin and had them sign bogus nondisclosure agreements that claimed they had not taken any data.
Sullivan was also charged with obstructing information from Uber representatives who may have informed the FTC, which was inspecting the San Francisco-based company’s data security after a breach in 2014.
In September 2018, Uber paid $148 million to settle claims by all 50 U.S. states and Washington, D.C., that it was too slow to disclose the hacking.